Vulnerability Description
A Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, allows an attacker to manipulate the vulnerable application into sending crafted requests on behalf of the application.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP | NetWeaver Knowledge Management Configuration Service | - |
| SAP | EPBC | >= 7.00, <= 7.02 |
| SAP | EPBC2 | >= 7.00, <= 7.02 |
| SAP | KMC-BC | 7.30 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102149 (Third Party Advisory, VDB Entry)
- https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/ (Vendor Advisory)
- https://launchpad.support.sap.com/#/notes/2457562 (Permissions Required)
FAQ
What is CVE-2017-16678?
CVE-2017-16678 is a vulnerability with a CVSS score of 4.7 (MEDIUM). Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacke...
How severe is CVE-2017-16678?
CVE-2017-16678 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-16678?
Check the references section above for vendor advisories and patch information. Affected products include: SAP NetWeaver Knowledge Management Configuration Service, SAP EPBC, SAP EPBC2, SAP KMC-BC.